Patch Tuesday August 2020

Copyright © 2020 Ivanti. All rights reserved.
Patch Tuesday Webinar
Wednesday, August 12, 2020
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 113 229 7116

Agenda
August 2020 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
1
2
3
4
5

Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved.
Overview

In the News

FBI PIN Warns of Increased Attacks on EoL OSs
 FBI issues warnings over Windows 7 end-of-life
 https://www.zdnet.com/article/fbi-issues-warning-over-windows-7-end-of-life/
 FBI PIN 20200803-002
 https://www.documentcloud.org/documents/7013545-Windows-7-
End-of-Life-PIN-20200803-002-BC.html
 Microsoft to remove all Windows downloads signed with SHA-1
 https://www.bleepingcomputer.com/news/microsoft/microsoft-to-
remove-all-windows-downloads-signed-with-sha-1/
Source: Microsoft

Netlogon Secure Channel Connections
 Changes Associated with CVE-2020-1472
 Deployment Guidelines
 Deploy August 11th updates
 Monitor for warning events
 Act on warning events
 Full enforcement mode goes into effect February 9, 2021

Known Exploited and Publicly Disclosed
 CVE-2020-1464 Windows Spoofing Vulnerability
 A spoofing vulnerability exists when Windows incorrectly validates file signatures.
An attacker who successfully exploited this vulnerability could bypass security
features and load improperly signed files.
 In an attack scenario, an attacker could bypass security features intended to
prevent improperly signed files from being loaded.
 The update addresses the vulnerability by correcting how Windows validates file
signatures.
Source: Microsoft

Known Exploited
 CVE-2020-1380 Scripting Engine Memory Corruption Vulnerability
 A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the context
of the current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user. If the current user is logged on with
administrative user rights, an attacker who successfully exploited the vulnerability
could take control of an affected system.
 In a web-based attack scenario, an attacker could host a specially crafted website
that is designed to exploit the vulnerability through Internet Explorer and then
convince a user to view the website. An attacker could also embed an ActiveX
control marked "safe for initialization" in an application or Microsoft Office
document that hosts the IE rendering engine. The attacker could also take
advantage of compromised websites and websites that accept or host user-
provided content or advertisements. These websites could contain specially
crafted content that could exploit the vulnerability.
Source: Microsoft

Another CVE of Interest
 CVE-2020-1337 Windows Print Spooler Elevation of Privilege
Vulnerability
 An elevation of privilege vulnerability exists when the Windows Print Spooler
service improperly allows arbitrary writing to the file system. An attacker who
successfully exploited this vulnerability could run arbitrary code with elevated
system privileges. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights.
 To exploit this vulnerability, an attacker would have to log on to an affected system
and run a specially crafted script or application.
 The update addresses the vulnerability by correcting how the Windows Print
Spooler Component writes to the file system.
Source: Microsoft

Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001
 Updated SSUs this month
 Windows 7/Server 2008/2008 R2
 Windows 10 1809 > 2004
 Development Tool and Other Updates
 ASP.NET Core 2.1, 3.1
 Visual Studio 2017-2019
 Visual Studio Code
Source: Microsoft

Windows 10 Lifecycle Awareness
 Windows 10 Branch Support
Source: Microsoft

Windows 10 Lifecycle Awareness (cont)
 Enterprise LTSB/LTSC Support
 Complete Lifecycle Fact Sheet
 https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
Source: Microsoft

Patch Blog
 Latest Patch Releases
 Microsoft and Third-party
 Security and non-Security
 CVE Analysis
 Security Events of Interest
 Host: Brian Secrist
 https://www.ivanti.com/blog
/topics/patch-tuesday

Patch Content Announcements
 Announcements Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

Bulletins and Releases

APSB20-48: Security Update for Adobe Acrobat and Reader
 Maximum Severity: Critical
 Affected Products: Adobe Acrobat and Reader (all current versions)
 Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and MacOS. These updates address critical and important vulnerabilities.
Successful exploitation could lead to arbitrary code execution in the context of the
current user.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
 Fixes 26 Vulnerabilities:
https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
 Restart Required: Requires application restart

ICLOUD-200811: Security Update for iCloud for Windows 11.3
 Affected Products: iCloud for Windows
 Description: Apple has released a security update for iCloud for Windows supporting
Windows 10 and later.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, and
Spoofing
 Fixes 20 Vulnerabilities: https://support.apple.com/en-us/HT211294

MS20-08-W10: Windows 10 Update
 Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903,
1909, 2004, Server 2016, Server 2019, Server version 1709, Server version 1803,
Server version 2004, IE 11 and Microsoft Edge
 Description: This bulletin references 19 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege
and Information Disclosure
 Fixes 94 Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is
known exploited and publicly disclosed. See Details column of Security Update Guide
for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slides

August Known Issues for Windows 10
 KB 4571694 – Windows 10, Version 1607 and Server 2016
 [Min Password] After installing KB4467684, the cluster service may fail to start with
the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum
Password Length” is configured with greater than 14 characters. Workaround:
Set the domain default "Minimum Password Length" policy to less than or equal to
14 characters. Microsoft is working on a resolution.
 KB 4565349 – Windows 10, Version 1809, Server 2019 All Versions
 [Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.

August Known Issues for Windows 10 (cont)
 KB 4565349 – Windows 10, Version 1809, Server 2019 All Versions
 [Edge] After installing KB4550969 or later, when using Microsoft Edge Legacy, you
might receive the error,”0x80704006. Hmmmm…can’t reach this page” when
attempting to reach websites on non-standard ports. Any website that uses a port
listed in the Fetch Standard specification under bad ports or port blocking might
cause this issue. Workaround: Do one of the following:
 Update to the new, Chromium-based Microsoft Edge and configure it to allow the port
used for the affected site.
 Use Internet Explorer 11 to access the website.
 Update Windows 10 to a newer version.
 Configure the website to use a standard port on the server side. Don’t use a port that is
listed in the Fetch Standard specification under bad ports or port blocking.
 Microsoft is working on a resolution.

August Known Issues for Windows 10 (cont)
 KB 4566782 – Windows 10, Version 2004
 [Editor] When using some apps, such as Microsoft Excel, users of the Microsoft
Input Method Editor (IME) for Chinese and Japanese might receive an error, or the
app might stop responding or close when attempting to drag using the mouse.
Workaround:
1. Select Start, type Settings and select it or press enter.
2. Type IME settings into the search box within Settings and select the IME settings
that are appropriate to your language, for example Japanese IME Settings.
3. Select General.
4. Turn on Use previous version of Microsoft IME.
 Microsoft is working on a solution.

MS20-08-IE: Security Updates for Internet Explorer
 Affected Products: IE 9 and IE 11
 Description: The fixes that are included in the cumulative Security Update for
Internet Explorer are also included in the August 2020 Security Monthly Quality Rollup.
Installing either the Security Update for Internet Explorer or the Security Monthly
Quality Rollup installs the fixes that are in the cumulative update. This bulletin
references 12 KB articles.
 Impact: Remote Code Execution
 Fixes 3 Vulnerabilities: CVE-2020-1567 and CVE-2020-1570 are fixed in IE 9.
CVE-2020-1380, CVE-2020-1567 and CVE-2020-1570 are fixed in IE 11. CVE-2020-
1380 is known exploited.
 Known Issues: None reported

MS20-08-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: Security update includes improvements and fixes that were a part of update KB
4565536 (released July 14, 2020). Bulletin is based on KB 4571730. Security updates to
Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud
Infrastructure, Windows Kernel, Windows Peripherals, Windows Network Security and
Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows
Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.
 Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure
 Fixes 31 + 2 (IE 9) Vulnerabilities: CVE-2020-1464 is known exploited and publicly
disclosed. See the Security Update Guide for the complete list of CVEs.
 Known Issues: [File Rename] See next slide.

August Known Issues for Server 2008
 KB 4571730 – Windows Server 2008 (Monthly Rollup)
 [File Rename] Certain operations, such as rename, that you perform on files or folders that
are on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform
the operation on a CSV owner node from a process that doesn’t have administrator
privilege. Workaround: Perform the operation from a process that has administrator
privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft
is working on a resolution.
 KB 4571746 – Windows Server 2008 (Security-only Update)

MS20-08-SO2K8-ESU: Security-only Update for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: Bulletin is based on KB 4571746. Security updates to Windows App Platform and
Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows
Kernel, Windows Peripherals, Windows Network Security and Containers, Windows Storage and
Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft
Scripting Engine, and Windows SQL components.
 Fixes 31 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
 Known Issues: [File Rename] See previous slide.

MS20-08-MR7-ESU: Monthly Rollup for Win 7
MS20-08-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud
Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking,
Windows Peripherals, Windows Storage and Filesystems, Windows Network Security and
Containers, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft
Scripting Engine, and Windows SQL components.
 Fixes 53 + 3 IE Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is
known exploited and publicly disclosed. See Details column of Security Update Guide for the
complete list of CVEs.
 Known Issues: [File Rename]

MS20-08-SO7-ESU: Security-only Update for Win 7
MS20-08-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Affected Products: Microsoft Windows 7 and Server 2008 R2
Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows
Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals,
Windows Storage and Filesystems, Windows Network Security and Containers, Windows File
Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and
Windows SQL components.
 Fixes 53 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See
Details column of Security Update Guide for the complete list of CVEs.

MS20-08-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Windows Server 2012 and IE
Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell,
Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid
Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows
Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage
Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote
Desktop.
 Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and
Information Disclosure

MS20-08-SO8: Security-only Update for Windows Server 2012
 Affected Products: Microsoft Windows Server 2012
Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud
Windows Peripherals, Windows Network Security and Containers, Windows Storage and
Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows
SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.

MS20-08-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: Security update includes improvements and fixes that were a part of
update KB 4565541 (released July 14, 2020). Bulletin is based on KB 4571703. Security
updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media,
Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel,
Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and
Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows
Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows
Remote Desktop.

MS20-08-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud
Windows Peripherals, Windows Network Security and Containers, Windows Storage and
Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows
SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.

MS20-08-MRNET: Monthly Rollup for Microsoft .Net
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8
 Description: The update changes how ASP.NET and .NET handle requests which
could result in IIS improperly allowing access to cached files. It also addresses a
vulnerability by correcting how .NET Framework processes input resulting in code
execution. This bulletin references 12 KB articles.
 Impact: Remote Code Execution and Elevation of Privilege
 Fixes 2 Vulnerabilities: CVE-2020-1046 and CVE-2020-1476
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

MS20-08-SONET: Security-only Update for Microsoft .Net
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8
 Description: The update changes how ASP.NET and .NET handle requests which
could result in IIS improperly allowing access to cached files. It also addresses a
vulnerability by correcting how .NET Framework processes input resulting in code
execution. This bulletin references 12 KB articles.
 Impact: Remote Code Execution and Elevation of Privilege
 Fixes 2 Vulnerabilities: CVE-2020-1046 and CVE-2020-1476
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

MS20-08-OFF: Security Updates for Microsoft Office
 Affected Products: Access 2010-2016, Excel 2010-2016, Office 2010-2016,
Outlook 2010-2016, Word 2010-2016, Office 2016 and 2019 for macOS
 Description: This security update resolves multiple vulnerabilities in Microsoft Office
applications. Consult the Security Guide for specific details on each. This bulletin
references 22 KB articles plus release notes for MacOS.
 Impact: Remote Code Execution and Information Disclosure
 Fixes 13 Vulnerabilities: CVE-2020-1483, CVE-2020-1493, CVE-2020-1494,
CVE-2020-1495, CVE-2020-1496, CVE-2020-1497, CVE-2020-1498, CVE-2020-1502,
CVE-2020-1503, CVE-2020-1504, CVE-2020-1563, CVE-2020-1582, and CVE-2020-
1583

MS20-08-O365: Security Updates Microsoft 365 Apps and Office 2019
 Affected Products: Microsoft 365 Apps, Office 2019
 Description: This month’s update resolved various bugs and performance issues in
Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps
security updates is available at https://docs.microsoft.com/en-
us/officeupdates/microsoft365-apps-security-updates.
 Impact: Remote Code Execution and Information Disclosure
CVE-2020-1503, CVE-2020-1563, CVE-2020-1581, CVE-2020-1582, and CVE-2020-
1583

MS20-08-SPT: Security Updates for SharePoint Server
 Maximum Severity: Important
 Affected Products: Microsoft SharePoint Enterprise Server 2013 & 2016, Microsoft
SharePoint Foundation Server 2013, and Microsoft SharePoint Server 2010 & 2019
 Description: This security update resolves vulnerabilities in Microsoft Office that
could allow remote code execution if a user opens a specially crafted Office file. This
bulletin is based on 12 KB articles.
 Impact: Remote Code Execution, Spoofing and Information Disclosure
CVE-2020-1580, and CVE-2020-1583

Between Patch Tuesdays

Release Summary
 Security Updates: Apple iTunes (1), Amazon Corretto (1), Box Edit (1), Camtasia (1),
CCleaner (2), Cisco Jabber (1), Crowdstrike Falcon Sensor (1), Dropbox (2), Firefox (1), Firefox
ESR (1), Foxit PhantomPDF (1), Foxit Reader (2), FileZilla (1), GoodSync (4), Google Chrome
(2), Google Earth Pro (1), GIT for Windows (1), LibreOffice (1), Malwarebytes (1), Microsoft
Edge Chromium (5), Nitro Pro (2), Node.JS (4), Notepad++ (1), Opera (4), Power BI Desktop
(5), Paint.net (1), Plex Media Server (1), Powershell 7 (1), Skype (1), Slack (1), Snagit (3),
Splunk Forwarder (1), SQL Server Management Studio (1), Tableau (10), Thunderbird (4),
TeamViewer (5), WinSCP (1), Zoom Client (1)
 Non-Security Updates: AIMP (2), Azure Information Protection (1), BlueJeans (1), Box Drive
(1), Google Drive (1), GOM Player (1), Microsoft (16), PDF-Xchange PRO (1), RingCentral App
(1), Royal TS (1), TortoiseHG (1), Visual Studio Code (3), Webex Teams (1)

Third Party CVE Information
 Google Chrome 84.0.4147.125
 CHROME-200810, QGC8404147125
 Fixes 14 Vulnerabilities: CVE-2020-6542, CVE-2020-6543, CVE-2020-6544, CVE-2020-
6545, CVE-2020-6546, CVE-2020-6547, CVE-2020-6548, CVE-2020-6549, CVE-2020-
6550, CVE-2020-6551, CVE-2020-6552, CVE-2020-6553, CVE-2020-6554, CVE-2020-
6555
 Google Chrome 84.0.4147.105
 CHROME-200728, QGC8404147105
 Fixes 6 Vulnerabilities: CVE-2020-6532, CVE-2020-6537, CVE-2020-6538, CVE-
2020-6539, CVE-2020-6540, CVE-2020-6541

 Microsoft Edge 84.0.522.40
 MEDGE-200717, QMEDGE84052240
 Fixes 25 Vulnerabilities: CVE-2020-6510,CVE-2020-6511,CVE-2020-6512,CVE-
2020-6513,CVE-2020-6514,CVE-2020-6515,CVE-2020-6516,CVE-2020-
6517,CVE-2020-6518,CVE-2020-6519,CVE-2020-6520,CVE-2020-6522,CVE-
2020-6523,CVE-2020-6524,CVE-2020-6525,CVE-2020-6526,CVE-2020-
6527,CVE-2020-6528,CVE-2020-6529,CVE-2020-6530,CVE-2020-6531,CVE-
2020-6533,CVE-2020-6534,CVE-2020-6535,CVE-2020-6536
 Firefox 79.0, Firefox ESR 68.11.0, Firefox ESR 78.1.0
 FF-200728, QFF790
 FFE-200728, QFFE7810, QFFE68110
2020-15653,CVE-2020-15654,CVE-2020-15655,CVE-2020-15656,CVE-2020-
15657,CVE-2020-15658,CVE-2020-15659

 Thunderbird 78.0
 TB-200716, QTB780
 Fixes 14 Vulnerabilities: CVE-2020-12402,CVE-2020-12415,CVE-2020-
12416,CVE-2020-12417,CVE-2020-12418,CVE-2020-12419,CVE-2020-
12420,CVE-2020-12421,CVE-2020-12422,CVE-2020-12423,CVE-2020-
12424,CVE-2020-12425,CVE-2020-12426,CVE-2020-15648
 Thunderbird 78.1.0
 TB-200731, QTB7810
2020-15653,CVE-2020-15654,CVE-2020-15655,CVE-2020-15656,CVE-2020-
15657,CVE-2020-15658,CVE-2020-15659

Q & A

Patch Tuesday August 2020

More Related Content

What's hot (20)

Similar to Patch Tuesday August 2020 (20)

More from Ivanti (20)

Recently uploaded (20)

Patch Tuesday August 2020